Bug Description
I've created a simple reproduction for this issue. You can find it here.
Since 1st of August, we started getting rejections from Chrome Store for our browser extension. The reason for these rejections is that remote code execution is not allowed in Manifest v3 extensions.
Some posthog features are using remote code execution via injecting a script tag:
session replays
surveys
autocapture
toolbar
Unfortunately, they are included in the bundle even if not used.
Here are the emails that we got from the Chrome Store:
image
image
How to reproduce
Clone the reproduction repo
Run pnpm i and then pnpm build
Open generated dist/content-scripts/main.js
Find 4 places with remote code execution (script tag injection) for:
/static/exception-autocapture.js
/static/surveys.js
/static/recorder.js
/static/toolbar.js
Additional context
This is not a bug, and I don't really know how this can be solved. Right now I've just forked the repo and removed all these features by hand.
Probably, the best way to enable them in the extensions would be to import the source code directly, instead of injecting script tags.
Debug info
No response
Chrome Ext issue is occurring. Seems to be related to posthog.capture()
Code snippet: popup.js: loadScript("/static/recorder.js?v=".concat(ar.LIB_VERSION),
Code snippet: content_script.js: loadScript("/static/toolbar.js?t=".concat(s),
Code snippet: report.js: loadScript(this.instance.requestRouter.endpointFor("assets", "/static/exception-autocapture.js?v="
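The manual check in the reproduction steps (opening the built bundle and finding the four script paths) can be automated as a pre-submission check. The following is an added example, not part of the issue or of PostHog's code: `findRemoteLoaders`, `escapeRe` and the sample bundle are constructed for illustration, and the `loadScript(` test is a heuristic that assumes the call and the path sit in the same statement.

```javascript
// Added example: locate remotely loaded script paths in a built extension bundle.
// The four asset paths come from the issue; the sample bundle is constructed.
const REMOTE_ASSETS = [
  "/static/exception-autocapture.js",
  "/static/surveys.js",
  "/static/recorder.js",
  "/static/toolbar.js",
];

// Escape a literal string so it can be embedded in a RegExp.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Return one finding per occurrence with its 1-based line and column.
// inLoadScript is a heuristic (assumption): true when a loadScript( call is
// opened earlier in the same statement, i.e. no ";" between it and the path.
function findRemoteLoaders(source) {
  const pattern = new RegExp(REMOTE_ASSETS.map(escapeRe).join("|"), "g");
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(pattern)) {
      const before = text.slice(0, m.index);
      findings.push({
        asset: m[0],
        line: i + 1,
        column: m.index + 1,
        inLoadScript: /loadScript\([^;]*$/.test(before),
      });
    }
  });
  return findings;
}

// Constructed sample modelled on the snippets quoted in the issue.
const SAMPLE_BUNDLE = [
  'function init(){loadScript("/static/recorder.js?v=".concat(ar.LIB_VERSION),cb)}',
  'var ok = "/static/local.js";',
  'loadScript(this.instance.requestRouter.endpointFor("assets", "/static/exception-autocapture.js?v=" + v), cb);',
  'var label = "see /static/toolbar.js docs";',
].join("\n");

for (const hit of findRemoteLoaders(SAMPLE_BUNDLE)) {
  const kind = hit.inLoadScript ? "loadScript call" : "string only";
  console.log(`${hit.line}:${hit.column} ${hit.asset} (${kind})`);
}
```

To check a real build, pass the text of `dist/content-scripts/main.js` to `findRemoteLoaders` and fail the build when any finding has `inLoadScript` set.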